<div dir="ltr">On Mon, Nov 12, 2012 at 10:27 AM, Oleg Goldshmidt <span dir="ltr">&lt;<a href="mailto:pub@goldshmidt.org" target="_blank">pub@goldshmidt.org</a>&gt;</span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Mon, Nov 12, 2012 at 10:05 AM, Elazar Leibovich &lt;<a href="mailto:elazarl@gmail.com">elazarl@gmail.com</a>&gt; wrote:<br>
><br>
> I'm considering disallowing concurrent ssh sessions on a single-purpose<br>
> production machine (say, DB server).<br>
><br>
> I thought of replacing the default shell with a shell that keeps its pid<br>
> file in a central place. If such a file already exists, it'll kill the other<br>
> running shell before logging in.<br>
<br>
</div>Can't you use MaxSessions and/or MaxStartups in sshd config for this?<br></blockquote><div><br></div><div><br></div><div>These options, as far as I can tell, drop new connections. I don't want to have a locked server, so I always allow new sessions to kill old ones. But never run concurrently.</div>
<div><br></div><div>(There's a slight issue of scp not working, but this can be taken care of by a less privileged user who is allowed in just for rsync/files)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Whatever you do, make sure sshd kills sessions after some appropriate<br>
timeout, otherwise you may find yourself in trouble... ;-)<br></blockquote><div><br></div><div>No problem with my scheme, if sshd won't kill old sessions, new sessions will... (or maybe I misunderstand you).</div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
--<br>
Oleg Goldshmidt | <a href="mailto:pub@goldshmidt.org">pub@goldshmidt.org</a><br>
</blockquote></div><br></div></div>
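The pid-file scheme described in this thread, sketched as an added example (not code from either poster). The names `claim_session` and `single_session_shell`, the pid-file path, the real shell and the `mkdir` lock are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the pid-file scheme. PIDFILE and REAL_SHELL are assumed values.
PIDFILE="${PIDFILE:-/var/run/single-session.pid}"
REAL_SHELL="${REAL_SHELL:-/bin/bash}"

# claim_session PIDFILE NEWPID
# Ends the session recorded in PIDFILE (if it is still alive), then records NEWPID.
claim_session() {
    cs_file=$1 cs_new=$2 cs_lock="$1.lock" cs_tries=0
    # mkdir is atomic, so two simultaneous logins are serialized here.
    until mkdir "$cs_lock" 2>/dev/null; do
        cs_tries=$((cs_tries + 1))
        # Fail open after about 10 s: a stale lock must never keep admins out.
        if [ "$cs_tries" -ge 10 ]; then break; fi
        sleep 1
    done
    cs_old=$(cat "$cs_file" 2>/dev/null) || cs_old=
    case $cs_old in
        ''|*[!0-9]*|0*) cs_old= ;;   # empty, non-numeric or zero: nothing to kill
    esac
    if [ -n "$cs_old" ] && [ "$cs_old" != "$cs_new" ] && kill -0 "$cs_old" 2>/dev/null; then
        kill -HUP "$cs_old" 2>/dev/null || :   # the signal a shell gets on terminal hangup
        cs_wait=0
        while kill -0 "$cs_old" 2>/dev/null && [ "$cs_wait" -lt 3 ]; do
            sleep 1
            cs_wait=$((cs_wait + 1))
        done
        # Escalate if the old shell ignored SIGHUP.
        if kill -0 "$cs_old" 2>/dev/null; then kill -KILL "$cs_old" 2>/dev/null || :; fi
    fi
    printf '%s\n' "$cs_new" > "$cs_file"
    rmdir "$cs_lock" 2>/dev/null || :
}

# Intended last line of a wrapper installed as the login shell: exec keeps the
# PID, so the number just recorded is the PID of the real shell.
single_session_shell() {
    claim_session "$PIDFILE" "$$" && exec "$REAL_SHELL" -l
}
```

A stale pid file can name an unrelated process after PID reuse, so a production version would also verify that the recorded PID belongs to a login shell of the same user before signalling it.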